In today's CXO Daily cybersecurity briefing, we break down the most urgent threats shaping enterprise risk—from escalating software supply chain attacks to rapidly evolving AI-driven cyber capabilities.

New reports reveal 36 malicious npm packages disguised as Strapi CMS plugins, highlighting how threat actors are exploiting SaaS dependency chains to gain persistent access through Redis and PostgreSQL backdoors. This signals a broader shift toward high-impact supply chain attacks targeting shared infrastructure across thousands of organizations.

We also examine mounting global regulatory pressure, as government agencies cite cybersecurity threats as a major barrier to digital transformation. With regulators demanding real-time reporting, auditability, and stronger vendor risk controls, CISOs and boards face increasing accountability across both internal systems and third-party ecosystems.

Meanwhile, a critical Fortinet vulnerability (CVE-2026-35616) is already being actively exploited, with proof-of-concept code circulating—raising immediate concerns for enterprise patching timelines and downstream supply chain exposure.

Additional coverage includes a major European Commission data breach linked to the TeamPCP threat group, ransomware campaigns targeting U.S. and U.K. schools, and new insights into Anthropic's next-generation AI model, Mythos. With advanced reasoning and code exploitation capabilities, Mythos underscores how AI could accelerate both cyber defense—and offensive attack speed—within a tightly controlled early-access environment.

Key themes: • Software supply chain security and npm attacks • Regulatory cybersecurity risk and compliance pressure • Fortinet vulnerability and active exploitation (CVE-2026-35616) • AI in cybersecurity: risks and opportunities (Anthropic Mythos) • Ransomware trends and public sector targeting

Stay ahead of emerging threats with daily intelligence built for CISOs, CIOs, and security leaders navigating today's rapidly evolving cyber risk landscape.